Open edsu opened 9 months ago
@edsu It should be able to get a token from the IIIF token service and then submitting that in the Authorization header for the file. See https://github.com/ProjectMirador/mirador/blob/cefe7b7b520ae1cb637d935c7b3cfceaff96b14a/src/components/AccessTokenSender.js#L4
Getting the token should definitely be doable. But convincing model-viewer to use it when fetching the file might be tricky. I can take a look at UniversalViewer's use of model-viewer since it has IIIF baked in.
model-viewer relies on three's GLTFLoader which in turn uses fetch to get the URL. Unfortunately it doesn't look like there's a way to pass an Authorization header down that deep, so I think we would need to patch Window.fetch()
to add the header to the request before it is sent, along the lines of what is suggested here.
This could prove difficult since the patching would need to happen prior to the <model-viewer>
running its request. It likely would require us to move away from using the custom element and configure the model-viewer instance by hand after the token handshake has happened. We also would obviously want to make sure the token was NOT added to other requests. This will not be very pretty, and I think it would be preferable for Stacks to send the correct CORS headers for Stanford Only items, as outlined in this PR: https://github.com/sul-dlss/stacks/pull/1068.
Currently it's not possible to view Stanford Only 3D objects in SearchWorks and PURL. There are 39 items, for example: https://purl.stanford.edu/bx715my3000
The reason for this is similar to the analysis in #1642.